Adversarially Robust and Explainable Model Compression with On-Device Personalization for Text Classification

TL;DR

This paper introduces a novel approach for compressing and personalizing NLP models on mobile devices, addressing adversarial robustness and explainability, with extensive experiments demonstrating improved performance over existing methods.

Contribution

It proposes a new training scheme that combines model compression, adversarial robustness, explainability, and personalization for on-device NLP applications.

Findings

Outperforms existing compact RNNs like FastGRNN and PRADO in natural and adversarial settings.

Enhances model robustness against adversarial attacks in NLP tasks.

Enables effective on-device personalization through fine-tuning.

Abstract

On-device Deep Neural Networks (DNNs) have recently gained more attention due to the increasing computing power of the mobile devices and the number of applications in Computer Vision (CV), Natural Language Processing (NLP), and Internet of Things (IoTs). Unfortunately, the existing efficient convolutional neural network (CNN) architectures designed for CV tasks are not directly applicable to NLP tasks and the tiny Recurrent Neural Network (RNN) architectures have been designed primarily for IoT applications. In NLP applications, although model compression has seen initial success in on-device text classification, there are at least three major challenges yet to be addressed: adversarial robustness, explainability, and personalization. Here we attempt to tackle these challenges by designing a new training scheme for model compression and adversarial robustness, including the optimization of an explainable feature mapping objective, a knowledge distillation objective, and an adversarially robustness objective. The resulting compressed model is personalized using on-device private training data via fine-tuning. We perform extensive experiments to compare our approach with both compact RNN (e.g., FastGRNN) and compressed RNN (e.g., PRADO) architectures in both natural and adversarial NLP test settings.